author | Andrew Bartlett <abartlet@samba.org> | 2010-05-13 07:59:41 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-05-14 23:25:45 +1000 |
commit | b5dc39496272cbccdd45152f349362c2b779c326 (patch) | |
tree | a4792955392e6a1ac3a319eb0f2a486c3ed2f97f /source4 | |
parent | 8da50c8da1527bafbb0ff4e86cc12fb54dd2b4b7 (diff) | |
s4:gensec expose gensec_set_target_principal for use outside GENSEC
This allows for the rare case where the caller knows the target
principal. The check for lp_client_use_spnego_principal() is moved to
the spnego code to make this work.
Andrew Bartlett
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/gensec.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 2 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/spnego.c | 5 |
4 files changed, 8 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b532c1502d..c19d5ff5d5 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1302,7 +1302,7 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
 *
 */
-NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
+_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
 {
 gensec_security->target.principal = talloc_strdup(gensec_security, principal);
 if (!gensec_security->target.principal) {
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 47adf039c0..45e24f194f 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -311,4 +311,6 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
 int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
 bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
+
 #endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index c2f96d7b7f..d051b7f227 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -299,7 +299,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 }
 in_data.length = 0;
- if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ if (principal) {
 krb5_principal target_principal;
 ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal);
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index a715085d06..bbcba8dc5f 100644
--- a/source4/auth/gensec/spnego.c
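Review bot: The trust contract for the target principal is not written down anywhere in the new code, although the `client use spnego principal` policy is now enforced only at the SPNEGO call site. Both the newly exported gensec_set_target_principal() in gensec.c and the `if (principal) {` branch in gensec_krb5_common_client_start() use whatever string they are given. A principal that originates from the unauthenticated peer lets the server influence which service the client requests a ticket for, which is exactly what the setting exists to prevent. I would add a doc comment on the declaration in gensec.h, for example `/* principal must come from the caller's own knowledge or local configuration, never from the peer; lp_client_use_spnego_principal() is NOT applied here */`, and a one-line comment above `if (principal) {` noting that the policy check now lives in spnego.c. Both function bodies continue outside their hunks.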
+++ b/source4/auth/gensec/spnego.c
@@ -28,6 +28,7 @@
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_proto.h"
+#include "param/param.h"
 enum spnego_state_position {
 SPNEGO_SERVER_START,
@@ -826,7 +827,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 if (spnego.negTokenInit.targetPrincipal) {
 DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
- gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ if (lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ }
 }
 nt_status = gensec_spnego_parse_negTokenInit(gensec_security, |
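Review bot: The NTSTATUS returned by gensec_set_target_principal() is still discarded inside the new `if (lp_client_use_spnego_principal(...))` block in gensec_spnego_update(). The gensec.c hunk shows the function testing for a failed talloc_strdup(), presumably to return an error. If so, an allocation failure here leaves the administrator's opt-in silently unhonoured, and the exchange carries on with whatever default target name the mechanism derives. Capture and check it: `nt_status = gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);` followed by `if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }`, after releasing any parsed `spnego` data if the surrounding code requires that. The function body continues outside this hunk, so the cleanup path should be confirmed there.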